0

我正在尝试配置 SSL 以连接到我的 RabbitMQ 代理。我认为我的问题与 Erlang 的 SSL 实现有关。我能够使用直接使用 OpenSSL 创建的证书/密钥对来使用它;但是,当我将使用 makecert.exe 制作的证书(并使用内部测试 CA 签名,也使用 makecert.exe 创建)转换为 PEM 格式并尝试使用该格式时,客户端无法连接并且服务器会记录 ssl_upgrade_failure。似乎我的证书有些东西是 Erlang 的 SSL 实现不喜欢的。

我正在使用 Erlang R16B 和与 Windows 7 SDK 捆绑的 makecert.exe。

这是我的证书:

-----BEGIN CERTIFICATE-----
MIIDTzCCAjugAwIBAgIQYuux7Ob2BL5PUnDLgT/igTAJBgUrDgMCHQUAMCgxJjAk
BgNVBAMTHUVsbGtheSBTdGFnaW5nIFJvb3QgQXV0aG9yaXR5MB4XDTEyMDgxNTE1
MTMzN1oXDTM5MTIzMTIzNTk1OVowMzExMC8GA1UEAx4oACoALgBsAGsAYwBsAG8A
dQBkAHMAdABhAGcAaQBuAGcALgBjAG8AbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANhryzuSNbDOUVqD7Oby/z+JNjICGemlpP0qmcAZ8JbE7ci/l5eu
BYwIyKy/LvjYYV6Z8ZlMKIbzmEgKxGCmSZjTcg08QXxG7CXpJfls/1ycv8Le7Tz0
ep2mzBnFhkOCNDQz2zAOiI/K6gwB0D2tv3O+j3ytnME8w+To5epzZSnfGHRIutQ4
jC7rVz8T1oLixYynQ39tG6L5ALmu5u1DZTRYmzaIbF16c6dy1m8OCqAvQ3LnykZq
rukjjaLDlJT6ZbUUXaZeGS2avf8ZM0f+HlrdDR+IFC/CxipxzHa6kStc+1dZVgqj
jT7ql9nEQ/8DaXmF4C749ELbtWOlSB/ElwUCAwEAAaNyMHAwEwYDVR0lBAwwCgYI
KwYBBQUHAwEwWQYDVR0BBFIwUIAQx8ryGLLGJ2Qr6NrWGYDWT6EqMCgxJjAkBgNV
BAMTHUVsbGtheSBTdGFnaW5nIFJvb3QgQXV0aG9yaXR5ghAu7ZXj5fLAu0CXveR3
xHi0MAkGBSsOAwIdBQADggEBACiAPScOR/DViwY4ZDVSxeGFqezh6ubWt4aqrYlt
h6ODWF1T0uUjf/VKksPtXlAxAz1F7IHmf80VAGPY18ZmH9JvnVz67PdGcKi6RMHY
vpBT79vbv0/+9TXxdIl2+qafuVb5ckmSlq1pIslnlZszt32pwrSYDvLihfRLStvV
MzKtUGRsug/eUeuCQBAalAHmuNh77bC6Bnp2ZMg/7HEb0bqXQS1mOupiN3Ylpe/y
r3pT7+xLzyzX4NY7GyYVO2VPnz2kvNbrTsTPWO7y1NQc3tDbRIwQeCqpYditByVN
cS/zgODqcpH1NipIfL/JTMFvA5O0jlgpSQDbRxiQELjJ9ms=
-----END CERTIFICATE-----

这是来自 RabbitMQ 的日志的相关部分:

=INFO REPORT==== 28-Mar-2013::20:46:52 ===
accepting AMQP connection <0.301.0> (192.168.51.234:50804 -> 192.168.51.153:5671)

=ERROR REPORT==== 28-Mar-2013::20:46:52 ===
** State machine <0.302.0> terminating 
** Last message in was {tcp,#Port<0.15153>,
                            <<22,3,0,0,53,1,0,0,49,3,0,81,84,228,150,220,41,
                              203,120,104,165,175,147,215,108,167,136,54,238,
                              178,50,70,122,181,212,166,114,251,121,27,202,52,
                              143,0,0,10,0,5,0,10,0,19,0,4,0,255,1,0>>}
** When State == hello
**      Data  == {state,server,
                     {#Ref<0.0.0.1972>,<0.301.0>},
                     gen_tcp,tcp,tcp_closed,tcp_error,"localhost",5671,
                     #Port<0.15153>,
                     {ssl_options,[],verify_none,
                         {#Fun<ssl.1.131723950>,[]},
                         false,false,undefined,1,
                         <<"C:/Users/ScottB/AppData/Roaming/RabbitMQ/lkcloudstaging_cer.pem">>,
                         undefined,
                         <<"C:/Users/ScottB/AppData/Roaming/RabbitMQ/server/key.pem">>,
                         undefined,undefined,undefined,<<>>,undefined,
                         undefined,
                         [<<0,107>>,
                          <<0,106>>,
                          <<0,61>>,
                          <<0,103>>,
                          <<0,64>>,
                          <<0,60>>,
                          <<0,57>>,
                          <<0,56>>,
                          <<0,53>>,
                          <<0,22>>,
                          <<0,19>>,
                          <<0,10>>,
                          <<0,51>>,
                          <<0,50>>,
                          <<0,47>>,
                          <<0,5>>,
                          <<0,4>>,
                          <<0,21>>,
                          <<0,9>>],
                         #Fun<ssl.0.131723950>,true,268435456,false,undefined,
                         undefined,false,undefined,undefined},
                     {socket_options,binary,0,0,0,false},
                     {connection_states,
                         {connection_state,
                             {security_parameters,
                                 <<0,0>>,
                                 0,0,0,0,0,0,0,0,0,0,0,undefined,undefined,
                                 undefined,undefined},
                             undefined,undefined,undefined,0,undefined,
                             undefined,undefined},
                         {connection_state,
                             {security_parameters,undefined,0,undefined,
                                 undefined,undefined,undefined,undefined,
                                 undefined,undefined,undefined,undefined,
                                 undefined,undefined,undefined,
                                 <<81,84,228,124,31,218,166,3,48,108,125,182,
                                   121,180,129,153,59,55,16,200,98,117,189,183,
                                   170,169,208,189,111,61,67,162>>,
                                 undefined},
                             undefined,undefined,undefined,undefined,
                             undefined,undefined,undefined},
                         {connection_state,
                             {security_parameters,
                                 <<0,0>>,
                                 0,0,0,0,0,0,0,0,0,0,0,undefined,undefined,
                                 undefined,undefined},
                             undefined,undefined,undefined,0,undefined,
                             undefined,undefined},
                         {connection_state,
                             {security_parameters,undefined,0,undefined,
                                 undefined,undefined,undefined,undefined,
                                 undefined,undefined,undefined,undefined,
                                 undefined,undefined,undefined,
                                 <<81,84,228,124,31,218,166,3,48,108,125,182,
                                   121,180,129,153,59,55,16,200,98,117,189,183,
                                   170,169,208,189,111,61,67,162>>,
                                 undefined},
                             undefined,undefined,undefined,undefined,
                             undefined,undefined,undefined}},
                     [],<<>>,<<>>,
                     {[],[]},
                     [],311374,
                     {session,undefined,undefined,
                         <<48,130,3,79,48,130,2,59,160,3,2,1,2,2,16,98,235,177,
                           236,230,246,4,190,79,82,112,203,129,63,226,129,48,9,
                           6,5,43,14,3,2,29,5,0,48,40,49,38,48,36,6,3,85,4,3,
                           19,29,69,108,108,107,97,121,32,83,116,97,103,105,
                           110,103,32,82,111,111,116,32,65,117,116,104,111,114,
                           105,116,121,48,30,23,13,49,50,48,56,49,53,49,53,49,
                           51,51,55,90,23,13,51,57,49,50,51,49,50,51,53,57,53,
                           57,90,48,51,49,49,48,47,6,3,85,4,3,30,40,0,42,0,46,
                           0,108,0,107,0,99,0,108,0,111,0,117,0,100,0,115,0,
                           116,0,97,0,103,0,105,0,110,0,103,0,46,0,99,0,111,0,
                           109,48,130,1,34,48,13,6,9,42,134,72,134,247,13,1,1,
                           1,5,0,3,130,1,15,0,48,130,1,10,2,130,1,1,0,216,107,
                           203,59,146,53,176,206,81,90,131,236,230,242,255,63,
                           137,54,50,2,25,233,165,164,253,42,153,192,25,240,
                           150,196,237,200,191,151,151,174,5,140,8,200,172,191,
                           46,248,216,97,94,153,241,153,76,40,134,243,152,72,
                           10,196,96,166,73,152,211,114,13,60,65,124,70,236,37,
                           233,37,249,108,255,92,156,191,194,222,237,60,244,
                           122,157,166,204,25,197,134,67,130,52,52,51,219,48,
                           14,136,143,202,234,12,1,208,61,173,191,115,190,143,
                           124,173,156,193,60,195,228,232,229,234,115,101,41,
                           223,24,116,72,186,212,56,140,46,235,87,63,19,214,
                           130,226,197,140,167,67,127,109,27,162,249,0,185,174,
                           230,237,67,101,52,88,155,54,136,108,93,122,115,167,
                           114,214,111,14,10,160,47,67,114,231,202,70,106,174,
                           233,35,141,162,195,148,148,250,101,181,20,93,166,94,
                           25,45,154,189,255,25,51,71,254,30,90,221,13,31,136,
                           20,47,194,198,42,113,204,118,186,145,43,92,251,87,
                           89,86,10,163,141,62,234,151,217,196,67,255,3,105,
                           121,133,224,46,248,244,66,219,181,99,165,72,31,196,
                           151,5,2,3,1,0,1,163,114,48,112,48,19,6,3,85,29,37,4,
                           12,48,10,6,8,43,6,1,5,5,7,3,1,48,89,6,3,85,29,1,4,
                           82,48,80,128,16,199,202,242,24,178,198,39,100,43,
                           232,218,214,25,128,214,79,161,42,48,40,49,38,48,36,
                           6,3,85,4,3,19,29,69,108,108,107,97,121,32,83,116,97,
                           103,105,110,103,32,82,111,111,116,32,65,117,116,104,
                           111,114,105,116,121,130,16,46,237,149,227,229,242,
                           192,187,64,151,189,228,119,196,120,180,48,9,6,5,43,
                           14,3,2,29,5,0,3,130,1,1,0,40,128,61,39,14,71,240,
                           213,139,6,56,100,53,82,197,225,133,169,236,225,234,
                           230,214,183,134,170,173,137,109,135,163,131,88,93,
                           83,210,229,35,127,245,74,146,195,237,94,80,49,3,61,
                           69,236,129,230,127,205,21,0,99,216,215,198,102,31,
                           210,111,157,92,250,236,247,70,112,168,186,68,193,
                           216,190,144,83,239,219,219,191,79,254,245,53,241,
                           116,137,118,250,166,159,185,86,249,114,73,146,150,
                           173,105,34,201,103,149,155,51,183,125,169,194,180,
                           152,14,242,226,133,244,75,74,219,213,51,50,173,80,
                           100,108,186,15,222,81,235,130,64,16,26,148,1,230,
                           184,216,123,237,176,186,6,122,118,100,200,63,236,
                           113,27,209,186,151,65,45,102,58,234,98,55,118,37,
                           165,239,242,175,122,83,239,236,75,207,44,215,224,
                           214,59,27,38,21,59,101,79,159,61,164,188,214,235,78,
                           196,207,88,238,242,212,212,28,222,208,219,68,140,16,
                           120,42,169,97,216,173,7,37,77,113,47,243,128,224,
                           234,114,145,245,54,42,72,124,191,201,76,193,111,3,
                           147,180,142,88,41,73,0,219,71,24,144,16,184,201,246,
                           107>>,
                         undefined,undefined,undefined,new,63531722812},
                     323665,ssl_session_cache,undefined,undefined,false,
                     undefined,undefined,undefined,
                     {'RSAPrivateKey','two-prime',
                         25091000490399564416382733665912293706281236323287507449391018333858706088067104372951637210440828548699801793107621328582247328739957168356535343760898421117596223923057958675108280840952652110424468556362893842108742460936250265912296002218912760264533284800177616747391132407486580757942725318853670784742540298023139943942002078742079335138046822007139070167779479715409389988021492873379536675527198388004784204705449619014967663111341423672277165259908002197645143645833929707716094821495848245665580802072300300901995696081299311434728567907957618159230597695337971845318310069905698028328520007565703331606819,
                         65537,
                         12532291835951284642352753464759952731760837234028003552929880741268762456120795803045590924921343389430997938501684187097537025786559622030041471881063352256944852432936802405831735737793065202597533511207149656340503466992496089298764016305810310122514496309703131156584850210212028846765905833153120519214366483351036620512028360903366902227866159233021509892771286294064778569099266243884082209785268720465970929381008430443130075496396131177443808450873061131440124680376808011317874020764946935204300278562787258089499308485762628408971801392792765876969493808892573747399158232707154902628249712310347508330481,
                         164613524625768478096728511491146234379950805547018160443402940694931123301226530314268605486708880647658162742710176890755691202467149416112553065729831746391569481381229328262217225008710581122456985360175690217141752754366597025760074826970126144030433840076718674219450293036228318089528491377991378917023,
                         152423687831490839453627602007609954938806264385151113997291723876694061058672531571680491904693205860873313947735180318401018227463103944680073963443527347105243646402511993135691316201430837009543216841366727950952917475175355759283610454988240555587842851002909990207473661609226206434152468235025307200253,
                         103984547751379971996375538203182369609466154978729646218112491292391375460388439026510307132524542623745369476562226118076733144497574174552444945117251391868174999766567175194585209852993108440859312097378784492720927449807326399887717438420071901928924585277569562140638458907286206884483421800776127924467,
                         39507777060187907438527428403852332339678380351718296130002815409515266417499584872791499702229633458331247753638059539934359165508273901891762155988452310073344428665326017782260225343145179490686339388197454990354108505894437772295812911773276810317388444847741459078907412450309375905167279214922484907925,
                         140777917719684893441642072243040594921813463059778562021367548768326948139714681618402000290527139618053328133891840461484222782830228667641262369743730585486629970714763524415800836168519782394433537656246543908266747427470739521793087643652694808980372432733634387874662999415574210646072641560865328049441,
                         asn1_NOVALUE},
                     {'DHParameter',
                         179769313486231590770839156793787453197860296048756011706444423684197180216158519368947833795864925541502180565485980503646440548199239100050792877003355816639229553136239076508735759914822574862575007425302077447712589550957937778424442426617334727629299387668709205606050270810842907692932019128194467627007,
                         2,asn1_NOVALUE},
                     undefined,undefined,315471,#Ref<0.0.0.1974>,undefined,
                     <<>>,true,
                     {false,first},
                     {<0.301.0>,#Ref<0.0.0.1971>},
                     #Ref<0.0.0.1980>,
                     {[],[]},
                     false,true,false,undefined}
** Reason for termination = 
** {{badmatch,
        {error,
            {asn1,
                {'Type not compatible with table constraint',
                    {{component,'Type'},
                     {value,{5,<<>>}},
                     {unique_name_and_value,id,{1,3,14,3,2,29}}}}}}},
    [{public_key,pkix_decode_cert,2,[{file,"public_key.erl"},{line,218}]},
     {ssl_cipher,filter,2,[{file,"ssl_cipher.erl"},{line,484}]},
     {ssl_handshake,select_session,8,[{file,"ssl_handshake.erl"},{line,654}]},
     {ssl_handshake,hello,4,[{file,"ssl_handshake.erl"},{line,178}]},
     {ssl_connection,hello,2,[{file,"ssl_connection.erl"},{line,413}]},
     {ssl_connection,next_state,4,[{file,"ssl_connection.erl"},{line,2001}]},
     {gen_fsm,handle_msg,7,[{file,"gen_fsm.erl"},{line,494}]},
     {proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,239}]}]}

=ERROR REPORT==== 28-Mar-2013::20:46:52 ===
error on AMQP connection <0.301.0>: {ssl_upgrade_failure,
                                     {{{badmatch,
                                        {error,
                                         {asn1,
                                          {'Type not compatible with table constraint',
                                           {{component,'Type'},
                                            {value,{5,<<>>}},
                                            {unique_name_and_value,id,
                                             {1,3,14,3,2,29}}}}}}},
                                       [{public_key,pkix_decode_cert,2,
                                         [{file,"public_key.erl"},{line,218}]},
                                        {ssl_cipher,filter,2,
                                         [{file,"ssl_cipher.erl"},{line,484}]},
                                        {ssl_handshake,select_session,8,
                                         [{file,"ssl_handshake.erl"},
                                          {line,654}]},
                                        {ssl_handshake,hello,4,
                                         [{file,"ssl_handshake.erl"},
                                          {line,178}]},
                                        {ssl_connection,hello,2,
                                         [{file,"ssl_connection.erl"},
                                          {line,413}]},
                                        {ssl_connection,next_state,4,
                                         [{file,"ssl_connection.erl"},
                                          {line,2001}]},
                                        {gen_fsm,handle_msg,7,
                                         [{file,"gen_fsm.erl"},{line,494}]},
                                        {proc_lib,init_p_do_apply,3,
                                         [{file,"proc_lib.erl"},{line,239}]}]},
                                      {gen_fsm,sync_send_all_state_event,
                                       [<0.302.0>,{start,5000},infinity]}}}

请注意,创建此证书/密钥对仅用于测试目的,但我担心我们的生产证书/密钥对会以类似的方式失败。

4

1 回答 1

0

我把这个问题带到了 erlang-questions 邮件列表并收到了以下不幸的答案:

你好!

这是因为某些软件不使用 PKCS 标准 oid,而是使用替代 ISO-oid。在即将发布的 public_key 和 ssl 版本中,这是通过处理这些替代 oid 来解决的,请参阅提交:006f45a738a6612958381b2fcbf48586c008d911

问候 Ingela Erlang/OTP 团队 - Ericsson AB

回复的固定链接

于 2013-04-06T18:58:16.277 回答